supply chain / tanstack-history

TanStack History

registrynpm

package name@tanstack/history

maintainerTanStack

TanStack History is a small library abstracting the browser History API, used by TanStack Router for navigation and history management. It normalizes pushState, replaceState, and the popstate event across environments.

api usage

Checking TanStack History

@tanstack/history 1.56.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40tanstack%2Fhistory&version=1.56.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@tanstack/history",
  "version": "1.56.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

History management packages control the URL state seen by the rest of the routing stack. A compromised version can manipulate the history object to trigger route changes or expose navigation history to external observers.

Attestd monitors @tanstack/history using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages TanStack Router Core TanStack React Router Response fields